[nycbug-talk] interesting read

alex at pilosoft.com alex
Sat May 21 14:31:56 EDT 2005


On Sat, 21 May 2005, Dru wrote:

> >> Go back to the original URL. Open source is not a product.
> > Did I say it was? I said, "open source licensing is not beneficial for
> > a life-critical application".
> 
> Why? At first glance, this sounds like the argument "open source
> licensing is not beneficial for security applications". If that's not
> what you mean, please clarify.

Hrm. Well, those are different things. Open source for security apps is a 
double-edged sword - the downside is the 'obscurity' factor of security is 
removed. Obscurity is an excellent defense against poorly-funded and/or 
poorly-motivated attackers. Of course, the benefit is that [hopefully] 
many eyes will spot the bugs and the end product will end up more secure.

Open-source for life-critical applications is simply irrelevant: When 
there are human lives on the line, you don't really care about the ability 
to recompile and redistribute the source - you either trust the maker of 
the software or you don't. If you don't trust the maker and end up 
"fixing" the software, that's a recipe for disaster.

-alex




